Proposed changes to how ebuilds are managed
The explosive growth of Gentoo Linux has brought on its share of growing pains, one of which is the fact that Gentoo Linux now has over 4000 packages in the Portage tree, with under 100 active developers to maintain them all. With a ratio of 40 packages per developer, it's no surprise that some applications have fallen behind their most current versions.
In an effort to remedy at least part of this problem, Gentoo developer Dan Armak recently summarized and RFC'd a proposal for reorganizing how Gentoo Linux manages and maintains ebuilds within the Portage tree. The new proposal has four key features:
Currently, this solution is in the draft stage and is subject to revision or even complete abandonment if a better solution comes along.
Many of the Gentoo Linux mailing lists have been abuzz this week regarding developer communication, the openness of the private gentoo-core list and other issues related to keeping users apprised of the future of Gentoo Linux. In an effort to address these issues, the following changes will be made:
Users can help this effort by ensuring that each list is used for its proper purpose. gentoo-user is for support-related questions and general discussion about Gentoo Linux. gentoo-dev is for discussions related to the development of Gentoo Linux.
Earlier this week, tcl-8.4.2 was added to the testing tree ahead of schedule and before the supporting scripts to help users migrate from previous versions of tcl were in place. tcl-8.4.2 requires all applications using tcl to be recompiled before they will function with the new version. The development team is working on a migration strategy to help users migrate from previous versions. In the meantime, anyone using ACCEPT_KEYWORDS="~<arch>" should be aware of the recompilation requirements.
The snort intrusion detection package has been found to contain an integer overflow vulnerability that could permit a DoS attack on a vulnerable computer. It is theoretically possible to exploit the overflow to run arbitrary code as the snort user, typically root. This vulnerability can be mitigated by disabling the stream4 preprocessor in snort.conf, although doing so reduces the utility of snort.
The following new security bugs were posted this week:
3. Featured Developer of the Week
George Shapovalov
Figure 3.1: George Shapovalov
This week's featured developer, George Shapovalov, is the caretaker of app-sci and "alternative" parts of dev-lang (mostly Pascal-esque and functional languages like Caml and Haskell) and the coordinator of the Russian Gentoo community, and also spends a lot of time tackling organizational and design-related issues, his most notable contribution being the "distributed ebuild processing system" he proposed. Posted as Bug #1523, it was a proposed method to ease the load on the core developers' shoulders by delegating ebuild review to users. George submitted this suggestion after he had used Gentoo for a while and had submitted several ebuilds; apparently it caused quite a bit of debate in gentoo-core, and resulted in an invitation to the Gentoo team. While the proposal hasn't been implemented completely, parts of it have been, and George feels that Portage is slowly moving closer to what he suggested. On the Russian front, George coordinates the translation of documentation and the GWN (Russian version coming soon to a browser near you), as well as the community at www.gentoo.ru, comprising forums, a mailing list, and, soon to come, social activities.
Trading nice features for tightness, George runs KDE apps like konqueror and kmail for day-to-day stuff under Fluxbox. The other apps he uses are quite standard, although being in charge of app-sci he ends up playing with quite a few fun and special apps. His workspace, an IBM Thinkpad A21m (P3 800, 512MB RAM, 20GB HD) follows him around everywhere; he also has two boxen at home, one serving as a workstation for his wife, the other serving files and routing. When not busy helping shape the future of Portage or translating documents, George can be found doing graduate work in biophysics at Caltech in Pasadena, CA, spending time with his family, or on the occasional mountain climbing or biking trip. He'll be graduating soon, and is thinking of going to Europe, quite possibly Germany.
Two New Moderators
The Gentoo Forums continue to grow at their own mind-boggling pace, and at times some reinforcement of the happy lot that assumes responsibility for moderation is necessary. Last week, bsolar and andrd joined the group of moderators offering some guidance in polite speech to the occasional hothead, redirecting posts to appropriate context, deleting duplicate threads and the rare occurrences of spam posts:
Everything You Always Wanted to Know About Framebuffers, Boot- And Other Splashes
Cleanliness and a well-presented desktop have always been in good standing with Gentoo users, at least as far as the Forum dwellers are concerned. Now Narada has shown admirable consideration for his fellow desktop Gentooists, by providing a very concise manual for all those who haven't quite come to terms with framebuffers and other graphic tricks:
Public Key Signing
A hot topic in the gentoo-user list was that of PGP keys, encryption and secure communications in general. Lots of good information popped up in the thread. Notably, the Reverend Jeffrey Paul preached the dangers of ignorance in cryptography and recommended this PDF as required reading. In summary of the thread, due to the nature of the community's trust in its members, it should not be easy to get your key signed by just anybody. There are pay services offering "Digital IDs", however that's beside the point. A good place to get connected is at your local LUG (Linux User Group), or better yet, at the next Gentoo gathering.
Upgrading Gentoo RCs (release candidates)
This week it was Joel Palimus asking the question, ".. is there then any reason to install a later release candidate or final release?". Not surprisingly, the -user community responded with a unanimous 'no'. Once you have a base system installed and working, it is brought completely up to date through a series of emerge 'syncs' and 'update worlds'. It was stated, however, that the move from Gentoo 1.2 to 1.4 was a little more rocky. The upgrade required recompiling the whole system with an 'emerge -e world' due to the compiler changing from gcc 2.95 to gcc 3.2. Once gcc-config was released, however, it allowed gcc 2.95.3-r8 and gcc 3.x compilers to co-exist peacefully, making the upgrade even easier. Janne Johansson provided an excellent explanation sourced from the gcc website. And yes, you can rest safely knowing the GWN team will announce any special circumstances in the future.
Several Portage Trees
Francisco Gimeno started a big thread with his "I was wondering about having several portage trees to allow external distributor having repositories of packages." He received several comments from Foser and Method, along with other Gentoo developers, regarding the problems that may arise if such a thing was allowed. Of chief concern is how to properly track dependencies and cache metadata across multiple trees.
Initscripts written in Python
An interesting proposal was brought up about writing the Gentoo init scripts in Python, for consistency with Portage. Read about the pros and cons.
Ebuild naming policy
Is there one? And if so, which one? Here is the full discussion of how names come to the Portage tree. Reading the Gentoo Linux Developers HOWTO might come in handy too!
The Gentoo Weekly Newsletter is pleased to announce the creation of a Turkish version of the GWN. For our Turkish users, you can now enjoy the GWN in your native tongue.
Interested in translating the GWN into a different language? As you can see from each issue that comes out, translating the GWN is a fair amount of work. As such, we prefer to have teams of at least 2-3 people per language, rather than having just one person per language. This helps to distribute the load and also ensures that vacations, illnesses and family emergencies don't disrupt our publishing schedule. If you'd like to help translate the GWN, please send an email to gwn-feedback@gentoo.org.
The following stable packages were added to portage this week
The Gentoo community uses Bugzilla (bugs.gentoo.org) to record and track bugs, notifications, suggestions and other interactions with the development team. In the last 7 days, activity on the site has resulted in:
There are currently 2952 bugs open in bugzilla. Of these: 49 are labeled 'blocker', 111 are labeled 'critical', and 236 are labeled 'major'.
The developers and teams who have closed the most bugs this week are:
The developers and teams who have been assigned the most new bugs this week are:
Privilege Separation in Portage
One nice feature of Portage is that it can drop privileges and compile as a less privileged user. It can also sandbox most phases of the installation. This week's tip shows you how to enable these features of Portage to increase the security of your system.
The first step is to create the portage user and group accounts. Portage will use these accounts when running its processes.
Code Listing 8.1: Adding the portage user and group

# groupadd -g 250 portage
# useradd -u 250 -g 250 -s /bin/false portage
The next step is to fix the ownership on the areas Portage will need access to. By default, these directories are /usr/portage and /var/tmp/portage.
Code Listing 8.2: Fixing ownership on Portage directories

# chown -R portage:portage /usr/portage
# chown -R portage:portage /var/tmp/portage
Note: If you've specified different locations in /etc/make.conf, you will need to ensure that portage has the proper ownership on PORTAGE_TMPDIR, PORTDIR, DISTDIR, PKGDIR, PORT_LOGDIR, and PORTDIR_OVERLAY.
After the ownership has been set properly, you need to enable the privilege separation features in /etc/make.conf. To do this, you need to edit the FEATURES line.
Code Listing 8.3: /etc/make.conf FEATURES

(FEATURES should look something like the following)
FEATURES="sandbox userpriv usersandbox"
Portage is now set up to drop root privileges and build packages under the portage user account. To test it, use the command top. When you have top open, type u to display processes for a specific user, and type portage at the prompt to display processes for portage. Now emerge something, and watch as the portage user shows up as the owner of all the commands.
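The steps above are easy to get half right: a hand-edited FEATURES line that drops flags you already had, or a PORTDIR moved in make.conf whose ownership was never fixed. The script below is an added example, not part of this newsletter or of Portage itself. It merges the three privilege-separation features into an existing FEATURES line without losing other flags, and reports which Portage directories are not owned by the portage user. It assumes the account is named portage (uid/gid 250, as in Listing 8.1) and that the make.conf path is given on the command line; it only reports ownership problems, since the chown itself needs root and is a one-liner you run yourself.

```shell
#!/bin/sh
# Added example (not from the GWN or Portage): enable Portage privilege
# separation in a make.conf and audit directory ownership.
# Assumptions: the build user is "portage"; paths come from arguments.

PORTAGE_USER=${PORTAGE_USER:-portage}
WANTED_FEATURES="sandbox userpriv usersandbox"

# Print the FEATURES value currently set in make.conf $1 (empty if unset).
current_features() {
    sed -n 's/^FEATURES="\([^"]*\)".*$/\1/p' "$1" | tail -n 1
}

# Union of the two space-separated flag lists $1 and $2, order kept,
# duplicates dropped, so re-running never grows the line.
merge_features() {
    merged=""
    for f in $1 $2; do
        case " $merged " in
            *" $f "*) ;;                       # already present
            *) merged="${merged:+$merged }$f" ;;
        esac
    done
    printf '%s\n' "$merged"
}

# Rewrite (or append) the FEATURES line in make.conf $1 so that it carries
# the privilege-separation flags; prints the resulting value.
ensure_features() {
    conf=$1
    existing=$(current_features "$conf")
    merged=$(merge_features "$existing" "$WANTED_FEATURES")
    if grep -q '^FEATURES=' "$conf"; then
        # Write to a temp file first so a failed sed cannot truncate make.conf.
        sed "s|^FEATURES=.*|FEATURES=\"$merged\"|" "$conf" > "$conf.tmp" \
            && mv "$conf.tmp" "$conf"
    else
        printf 'FEATURES="%s"\n' "$merged" >> "$conf"
    fi
    current_features "$conf"
}

# Report whether directory $1 is owned by user $2: prints "ok",
# "missing" or "wrong-owner:<user>". Uses ls -ld for portability.
check_owner() {
    dir=$1
    want=$2
    if [ ! -d "$dir" ]; then
        printf 'missing\n'
        return 0
    fi
    owner=$(ls -ld "$dir" | awk '{print $3}')
    if [ "$owner" = "$want" ]; then
        printf 'ok\n'
    else
        printf 'wrong-owner:%s\n' "$owner"
    fi
}

# Usage (as root): sh portage-privsep.sh /etc/make.conf
# Without an argument the functions are only defined, nothing is changed.
if [ -n "$1" ]; then
    printf 'FEATURES now: %s\n' "$(ensure_features "$1")"
    # Default locations from the tip; override PORTDIR etc. in make.conf
    # means you should pass those directories here instead.
    for d in /usr/portage /var/tmp/portage; do
        printf '%s: %s\n' "$d" "$(check_owner "$d" "$PORTAGE_USER")"
    done
fi
```

Run it once, then `emerge` something and confirm in top, as described above, that the build commands run as portage; any directory reported as wrong-owner is one the sandboxed build will fail to write to and needs the chown from Listing 8.2.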
The following developers recently left the Gentoo team:
The following developers recently joined the Gentoo Linux team:
The following developers recently changed roles within the Gentoo Linux project.
Interested in contributing to the Gentoo Weekly Newsletter? Send us an email.
Please send us your feedback and help make GWN better.
12. GWN Subscription Information
To subscribe to the Gentoo Weekly Newsletter, send a blank email to gentoo-gwn-subscribe@gentoo.org.
To unsubscribe to the Gentoo Weekly Newsletter, send a blank email to gentoo-gwn-unsubscribe@gentoo.org from the email address you are subscribed under.
The Gentoo Weekly Newsletter is also available in the following languages: